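def edit_publication():
    """Apply the JSON body's field changes to an existing ``Publication``.

    Authorization (active account with write privileges) is decided before
    the record lookup, so an inactive or read-only caller receives the same
    401 whether or not the supplied ``publication_id`` exists.

    Returns:
        A ``(response, status)`` tuple: 200 with the edited record's dict on
        success; 400 for a non-JSON or non-object body, an unknown id, or an
        ``AssertionError`` raised by the edit helper; 401 for inactive or
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit publications.", success=0), 401
    publication_id = request_data.get('publication_id')
    publication = helpers.get_record_from_id(Publication, publication_id)
    if not publication:
        return jsonify(msg='Provided publication_id not found.', success=0), 400
    try:
        # The helper signals a validation failure with AssertionError.
        publication = helpers.edit_publication_from_dict(request_data)
        return jsonify(msg='Publication successfully edited.', publication=publication.get_dict(), success=1), 200
    except AssertionError as exception_message:
        return jsonify(msg='Error: {}. Publication not edited'.format(exception_message), success=0), 400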
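def execute_sql():
    """Run a SQL statement against a stored ``Connection`` and return its rows.

    The statement comes from the stored ``SqlQuery`` named by ``query_id``
    when one is given; otherwise (or when that record has no ``raw_sql``)
    the body's ``raw_sql`` field is used.  The write-privilege check runs
    before any record lookup so read-only users cannot reach the database
    or probe which ids exist.

    Returns:
        A ``(response, status)`` tuple: 200 with ``results`` on success; 400
        for a non-JSON or non-object body, an unknown ``query_id``, missing
        SQL, or an ``AssertionError``/``OperationalError`` during execution;
        401 for read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    # viewer users cannot execute arbitrary sql
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to execute query.', success=0), 401
    query_id = request_data.get('query_id', None)
    query = helpers.get_record_from_id(SqlQuery, query_id)
    # A query_id that resolves to nothing is a client error, not a fallback
    # to the body's raw_sql.
    if query_id is not None and query is None:
        return jsonify(msg='Provided query_id not found.', success=0), 400
    connection_id = request_data.get('connection_id', None)
    connection = helpers.get_record_from_id(Connection, connection_id)
    # NOTE(review): a missing or unknown connection_id passes conn=None
    # through; confirm execute_select_statement rejects that rather than
    # falling back to an ambient default connection.
    # Previously ``query.raw_sql`` was dereferenced unconditionally, which
    # raised AttributeError (a 500) whenever no stored query was involved.
    stored_sql = query.raw_sql if query is not None else None
    raw_sql = stored_sql or request_data.get('raw_sql')
    if not raw_sql:
        return jsonify(msg='No SQL provided.', success=0), 400
    try:
        results = cm.execute_select_statement(conn=connection, raw_sql=raw_sql)
        return jsonify(msg='Results provided.', results=results, success=1), 200
    except AssertionError as e:
        return jsonify(msg='Error: {}. No results'.format(e), success=0), 400
    except exc.OperationalError as e:
        return jsonify(msg='Error: {}. No results'.format(e), success=0), 400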
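def edit_contact():
    """Apply the JSON body's field changes to an existing ``Contact``.

    Authorization (active account with write privileges) is decided before
    the record lookup, so an inactive or read-only caller receives the same
    401 whether or not the supplied ``contact_id`` exists.

    Returns:
        A ``(response, status)`` tuple: 200 with the edited record's dict on
        success; 400 for a non-JSON or non-object body, an unknown id, or an
        ``AssertionError`` raised by the edit helper; 401 for inactive or
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit contacts.", success=0), 401
    contact_id = request_data.get('contact_id')
    contact = helpers.get_record_from_id(Contact, contact_id)
    if not contact:
        return jsonify(msg='Provided contact_id not found.', success=0), 400
    try:
        # The helper signals a validation failure with AssertionError.
        contact = helpers.edit_contact_from_dict(request_data)
        return jsonify(msg='Contact successfully edited.', contact=contact.get_dict(), success=1), 200
    except AssertionError as exception_message:
        return jsonify(msg='Error: {}. Contact not edited'.format(exception_message), success=0), 400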
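def edit_query():
    """Apply the JSON body's field changes to an existing ``SqlQuery``.

    Authorization (active account with write privileges) is decided before
    the record lookup, so an inactive or read-only caller receives the same
    401 whether or not the supplied ``query_id`` exists.

    Returns:
        A ``(response, status)`` tuple: 200 with the edited record's dict on
        success; 400 for a non-JSON or non-object body, an unknown id, or an
        ``AssertionError`` raised by the edit helper; 401 for inactive or
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit querys.", success=0), 401
    query_id = request_data.get('query_id')
    query = helpers.get_record_from_id(SqlQuery, query_id)
    if not query:
        return jsonify(msg='Provided query_id not found.', success=0), 400
    try:
        # The helper signals a validation failure with AssertionError.
        query = helpers.edit_query_from_dict(request_data)
        return jsonify(msg='SqlQuery successfully edited.', query=query.get_dict(), success=1), 200
    except AssertionError as exception_message:
        return jsonify(msg='Error: {}. SqlQuery not edited'.format(exception_message), success=0), 400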
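def edit_usergroup():
    """Apply the JSON body's field changes to an existing ``Usergroup``.

    Authorization (active account with write privileges) is decided before
    the record lookup, so an inactive or read-only caller receives the same
    401 whether or not the supplied ``usergroup_id`` exists.  Groups flagged
    ``personal_group`` are never editable through this endpoint.

    Returns:
        A ``(response, status)`` tuple: 200 with the edited record's dict on
        success; 400 for a non-JSON or non-object body, an unknown id, or an
        ``AssertionError`` raised by the edit helper; 401 for inactive or
        read-only requesters and for personal groups.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit other usergroups.", success=0), 401
    usergroup_id = request_data.get('usergroup_id')
    usergroup = helpers.get_record_from_id(Usergroup, usergroup_id)
    if not usergroup:
        return jsonify(msg='Provided usergroup_id not found.', success=0), 400
    if usergroup.personal_group:
        return jsonify(msg='Personal usergroups cannot be edited', success=0), 401
    try:
        # The helper signals a validation failure with AssertionError.
        usergroup = helpers.edit_usergroup_from_dict(request_data)
        return jsonify(msg='Usergroup successfully edited.', usergroup=usergroup.get_dict(), success=1), 200
    except AssertionError as exception_message:
        return jsonify(msg='Error: {}. Usergroup not edited'.format(exception_message), success=0), 400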
def get_all_contacts():
    """Return every ``Contact`` row as a list of dicts.

    Only requesters with write privileges may list contacts; others get 401.
    NOTE(review): unlike the edit endpoints this does not consult the
    ``is_active`` claim -- confirm whether inactive accounts should be able
    to list contacts.

    Returns:
        A ``(response, status)`` tuple: 200 with ``contacts`` on success,
        401 for read-only requesters.
    """
    claims = get_jwt_claims()
    # must have write privileges see all contacts
    if not helpers.requester_has_write_privileges(claims):
        return jsonify(msg='Must have write privileges to view all contacts.', success=0), 401
    serialized = [record.get_dict() for record in Contact.query.all()]
    return jsonify(msg='Contacts provided.', contacts=serialized, success=1), 200
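def delete_contact():
    """Delete the ``Contact`` named by the body's ``contact_id``.

    The write-privilege check runs before the record lookup so read-only
    users cannot probe which contact ids exist.
    NOTE(review): the ``is_active`` claim is not checked here, unlike the
    edit endpoints -- confirm that is intended.

    Returns:
        A ``(response, status)`` tuple: 200 on deletion; 400 for a non-JSON
        or non-object body, a missing id, or an unknown contact; 401 for
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    # viewer users cannot delete contacts
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to delete contacts.', success=0), 401
    contact_id = request_data.get('contact_id', None)
    if not contact_id:
        return jsonify(msg='Contact ID not provided.', success=0), 400
    contact = helpers.get_record_from_id(Contact, contact_id)
    if not contact:
        return jsonify(msg='Contact not recognized.', success=0), 400
    db.session.delete(contact)
    db.session.commit()
    return jsonify(msg='Contact deleted.', success=1), 200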
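def create_contact():
    """Create a ``Contact`` from the JSON body, owned by the requester.

    Requires an active account with write privileges.  The requester's
    ``user_id`` claim is passed to the helper alongside the body.

    Returns:
        A ``(response, status)`` tuple: 200 with the new record's dict on
        success; 400 for a non-JSON or non-object body or an
        ``AssertionError`` raised by the create helper; 401 for inactive or
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body cannot carry contact fields; reject it
    # instead of letting the helper fail with a 500.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401
    # read-only accounts can't create new contacts
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to create new contacts.", success=0), 401
    try:
        # The helper signals a validation failure with AssertionError.
        contact = helpers.create_contact_from_dict(request_data, requester['user_id'])
        return jsonify(msg='Contact successfully created.', contact=contact.get_dict(), success=1), 200
    except AssertionError as exception_message:
        return jsonify(msg='Error: {}. Contact not created'.format(exception_message), success=0), 400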
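def delete_publication():
    """Delete the ``Publication`` named by the body's ``publication_id``.

    The write-privilege check runs before the record lookup so read-only
    users cannot probe which publication ids exist.
    NOTE(review): the ``is_active`` claim is not checked here, unlike the
    edit endpoints -- confirm that is intended.

    Returns:
        A ``(response, status)`` tuple: 200 on deletion; 400 for a non-JSON
        or non-object body, a missing id, or an unknown publication; 401 for
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    # viewer users cannot delete publications
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to delete publications.', success=0), 401
    publication_id = request_data.get('publication_id', None)
    if not publication_id:
        return jsonify(msg='Publication ID not provided.', success=0), 400
    publication = helpers.get_record_from_id(Publication, publication_id)
    if not publication:
        return jsonify(msg='Publication not recognized.', success=0), 400
    db.session.delete(publication)
    db.session.commit()
    return jsonify(msg='Publication deleted.', success=1), 200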
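def delete_report():
    """Delete the ``Report`` named by the body's ``report_id``.

    The write-privilege check runs before the record lookup so read-only
    users cannot probe which report ids exist.
    NOTE(review): the ``is_active`` claim is not checked here, unlike the
    edit endpoints -- confirm that is intended.

    Returns:
        A ``(response, status)`` tuple: 200 on deletion; 400 for a non-JSON
        or non-object body, a missing id, or an unknown report; 401 for
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    # viewer users cannot delete reports
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to delete reports.', success=0), 401
    report_id = request_data.get('report_id', None)
    if not report_id:
        return jsonify(msg='Report ID not provided.', success=0), 400
    # Direct query kept as in the original; the other delete endpoints go
    # through helpers.get_record_from_id instead.
    report = Report.query.filter(Report.id == report_id).first()
    if not report:
        return jsonify(msg='Report not recognized.', success=0), 400
    db.session.delete(report)
    db.session.commit()
    return jsonify(msg='Report deleted.', success=1), 200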
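def delete_query():
    """Delete the ``SqlQuery`` named by the body's ``query_id``.

    The write-privilege check runs before the record lookup so read-only
    users cannot probe which query ids exist.
    NOTE(review): the ``is_active`` claim is not checked here, unlike the
    edit endpoints -- confirm that is intended.

    Returns:
        A ``(response, status)`` tuple: 200 on deletion; 400 for a non-JSON
        or non-object body, a missing id, or an unknown query; 401 for
        read-only requesters.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400
    request_data = request.get_json()
    # A JSON array or scalar body has no .get(); reject it instead of 500-ing.
    if not isinstance(request_data, dict):
        return jsonify(msg="Missing JSON in request", success=0), 400
    requester = get_jwt_claims()
    # viewer users cannot delete queries
    if not helpers.requester_has_write_privileges(requester):
        msg = 'Current user does not have permission to delete queries.'
        return jsonify(msg=msg, success=0), 401
    # validate query_id
    query_id = request_data.get('query_id', None)
    if not query_id:
        return jsonify(msg='Query ID not provided.', success=0), 400
    query = helpers.get_record_from_id(SqlQuery, query_id)
    if not query:
        return jsonify(msg='Query not recognized.', success=0), 400
    db.session.delete(query)
    db.session.commit()
    return jsonify(msg='Query deleted.', success=1), 200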